US8301881B2ExpiredUtilityA1

Proactive forced renewal of content protection implementations

44
Assignee: TRAW C BRENDAN SPriority: Apr 13, 2004Filed: May 11, 2011Granted: Oct 30, 2012
Est. expiryApr 13, 2024(expired)· nominal 20-yr term from priority
H04L 9/083H04L 2209/60H04L 9/0891
44
PatentIndex Score
0
Cited by
13
References
25
Claims

Abstract

A method, apparatus, and system for proactive forced renewal of content protection implementations in devices. The method includes, on a first substantially periodic basis, automatically pushing a new content protection implementation to a device that contains an existing content protection implementation; wherein the existing content protection implementation comprises (a) existing software for presenting protected content and (b) an existing key to facilitate presentation of protected content; and wherein the new content protection implementation comprises a new key to supersede the existing key for facilitating presentation of protected content. On a second substantially periodic basis, the method includes automatically pushing revocation data to the device, the revocation data to identify a plurality of revoked keys, each revoked key of the plurality of revoked keys comprising a key that has been superseded by the new key of the new content protection implementation.

Claims

exact text as granted — not AI-modified
1. A method for automatically renewing content protection implementations in devices, the method comprising:
 on a first substantially periodic basis, automatically pushing a new content protection implementation to a device that contains an existing content protection implementation; 
 wherein the existing content protection implementation comprises (a) existing software for presenting protected content and (b) an existing key to facilitate presentation of protected content; and 
 wherein the new content protection implementation comprises a new key to supersede the existing key for facilitating presentation of protected content; and 
 on a second substantially periodic basis, automatically pushing revocation data to the device, the revocation data to identify a plurality of revoked keys, each revoked key of the plurality of revoked keys comprising a key that has been superseded by the new key of the new content protection implementation; 
 wherein the revocation data is automatically pushed to the device on the second substantially periodic basis only after a corresponding new content protection implementation has already been pushed to the device to equip the device with a replacement key for at least one of the plurality of revoked keys. 
 
     
     
       2. A method according to  claim 1 , wherein the first substantially periodic basis and the second substantially periodic basis have substantially the same period. 
     
     
       3. A method according to  claim 1 , wherein:
 the first substantially periodic basis and the second substantially periodic basis have substantially the same period; and 
 the method further comprises waiting for a delay period after pushing the new content protection implementation to the device, before pushing corresponding revocation data to the device, thereby causing the second substantially periodic basis to follow the first substantially periodic basis by the delay period. 
 
     
     
       4. A method according to  claim 1 , wherein the revocation data is encrypted and can be decrypted by the new key of the new content protection implementation. 
     
     
       5. A method according to  claim 1 , wherein the operation of pushing the new content protection implementation to the device comprises:
 storing the new content protection implementation in a storage medium to be used by the device. 
 
     
     
       6. A method according to  claim 5 , wherein the operation of storing the new content protection implementation in the storage medium comprises storing the new content protection implementation in at least one medium from the group consisting of:
 a substantially blank storage medium; and 
 a pre-recorded storage medium. 
 
     
     
       7. A method according to  claim 1 , further comprising:
 receiving the revocation data, at a broadcaster, from a key generation facility; and 
 broadcasting, for reception by multiple devices, broadcast content that includes the revocation data. 
 
     
     
       8. A method according to  claim 1  wherein
 the revocation data identifies the plurality of revoked keys using two values that identify a range of more than two revoked keys. 
 
     
     
       9. An apparatus, comprising:
 a tangible, machine-accessible storage memory; and 
 instructions in the machine-accessible storage memory which, when executed by a processing system, cause the processing system to perform operations comprising: 
 on a first substantially periodic basis, automatically pushing a new content protection implementation to a device that contains an existing content protection implementation; 
 wherein the existing content protection implementation comprises (a) existing software for presenting protected content and (b) an existing key to facilitate presentation of protected content; and 
 wherein the new content protection implementation comprises a new key to supersede the existing key for facilitating presentation of protected content; and 
 on a second substantially periodic basis, automatically pushing revocation data to the device, the revocation data to identify a plurality of revoked keys, each revoked key of the plurality of revoked keys comprising a key that has been superseded by the new key of the new content protection implementation; 
 wherein the revocation data is automatically pushed to the device on the second substantially periodic basis only after a corresponding new content protection implementation has already been pushed to the device to equip the device with a replacement key for at least one of the plurality of revoked keys. 
 
     
     
       10. An apparatus according to  claim 9 , wherein the first substantially periodic basis and the second substantially periodic basis have substantially the same period. 
     
     
       11. An apparatus according to  claim 9 , wherein:
 the first substantially periodic basis and the second substantially periodic basis have substantially the same period; and 
 the operations comprise waiting for a delay period after pushing the new content protection implementation to the device, before pushing corresponding revocation data to the device, thereby causing the second substantially periodic basis to follow the first substantially periodic basis by the delay period. 
 
     
     
       12. An apparatus according to  claim 9 , wherein the revocation data is encrypted and can be decrypted by the new key of the new content protection implementation. 
     
     
       13. An apparatus according to  claim 9 , wherein the operation of pushing the new content protection implementation to the device comprises:
 storing the new content protection implementation in a storage medium to be used by the device. 
 
     
     
       14. An apparatus according to  claim 13 , wherein the storage medium comprises at least one medium from the group consisting of:
 a substantially blank storage medium; and 
 a pre-recorded storage medium. 
 
     
     
       15. An apparatus according to  claim 9 , wherein the operations comprise:
 receiving the revocation data from a key generation facility; and 
 pushing the received revocation data to the device. 
 
     
     
       16. An apparatus according to  claim 9 , wherein the operation of pushing the revocation data to the device comprises:
 including the revocation data in broadcast content transmitted by a broadcaster for reception by multiple devices. 
 
     
     
       17. An apparatus according to  claim 9 , wherein
 the revocation data identifies the plurality of revoked keys using two values that identify a range of more than two revoked keys. 
 
     
     
       18. A device, comprising:
 a processor; 
 a machine-accessible medium responsive to the processor; 
 an existing content protection implementation comprising (a) existing software for presenting protected content and (b) an existing key to facilitate presentation of protected content; and 
 instructions in the machine-accessible medium which, when executed by the device, enable to device to perform operations comprising:
 receiving a new content protection implementation pushed to the device, the new content protection implementation comprising a new key to supersede the existing key for facilitating presentation of protected content; 
 replacing the existing key with the new key from the new content protection implementation; and 
 after replacing the existing key with the new key from the new content protection implementation, receiving revocation data, wherein (a) the revocation data is pushed to the device and (b) the revocation data identifies a plurality of revoked keys, wherein at least one revoked key of the plurality of revoked keys has been superseded by the new key from the new content protection implementation. 
 
 
     
     
       19. A device according to  claim 18 , wherein the instructions enable the device to use new content protection implementations that are pushed to the device on a substantially periodic basis without regard to whether or not existing keys have been compromised. 
     
     
       20. A device according to  claim 18 , wherein the instructions enable the device to use revocation data that is pushed to the device on a second substantially periodic basis that follows the first periodic basis by a delay period. 
     
     
       21. A device according to  claim 18 , wherein the device comprises an information handling device from the group consisting of:
 a consumer electronics device for accessing protected content; and 
 a software-implemented player application for accessing protected content. 
 
     
     
       22. A device according to  claim 18 , wherein the operation of receiving the new content protection implementation comprises receiving the new content protection implementation from a pre-recorded storage medium. 
     
     
       23. A device according to  claim 18 , wherein the operation of receiving the revocation data comprises receiving the revocation data from broadcast content transmitted by a broadcaster for reception by multiple devices. 
     
     
       24. A device according to  claim 18 , wherein the operations comprises:
 after receiving the new content protection implementation with the new key and replacing the existing key with the new key, using the new key from the new content protection implementation to decrypt the revocation data. 
 
     
     
       25. A device according to  claim 18  wherein the revocation data identifies the plurality of revoked keys using two values that identify a range of more than two revoked keys.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.